ID CVE-2006-0255 Type cve Reporter NVD Modified 2011-03-07T21:29:39
Description
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0255", "history": [], "references": ["http://www.securityfocus.com/archive/1/archive/1/422263/100/0/threaded", "http://secdev.zoller.lu/research/checkpoint.txt", "http://www.securityfocus.com/bid/16290", "http://www.vupen.com/english/advisories/2006/0258"], "lastseen": "2016-09-03T06:22:42", "bulletinFamily": "NVD", "title": "CVE-2006-0255", "cpe": ["cpe:/a:checkpoint:vpn-1:4.1:sp4", "cpe:/a:checkpoint:vpn-1:4.1:sp6", "cpe:/a:checkpoint:vpn-1:4.1:sp5", "cpe:/a:checkpoint:vpn-1:4.1", "cpe:/a:checkpoint:vpn-1:4.1:sp5a", "cpe:/a:checkpoint:vpn-1:4.1:sp3", "cpe:/a:checkpoint:vpn-1:::fp1", "cpe:/a:checkpoint:vpn-1:4.1:sp2", "cpe:/a:checkpoint:vpn-1:4.1:sp1"], "viewCount": 0, "id": "CVE-2006-0255", "hash": "b1cfd10c1b6309cc1372b457444efff2b31bef2ea2cc81e9c47a40a4c49f91db", "description": "Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2006-0255"], "scanner": [], "modified": "2011-03-07T21:29:39", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2006-01-17T20:51:00", "enchantments": {"vulnersScore": 7.2}}
{"result": {"osvdb": [{"id": "OSVDB:22703", "type": "osvdb", "title": "Check Point VPN-1 SecureClient SR_Watchdog.exe Path Subversion Privilege Escalation", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0586.html\nKeyword: TZO-012006-Checkpoint\nFrSIRT Advisory: ADV-2006-0258\n[CVE-2006-0255](https://vulners.com/cve/CVE-2006-0255)\nBugtraq ID: 16290\n", "published": "2006-01-17T22:08:03", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:22703", "cvelist": ["CVE-2006-0255"], "lastseen": "2017-04-28T13:20:19"}]}}
